A Rodolf Boctor

MCP configs are a silent security risk. I built mcp-scan to fix that.

MCP (Model Context Protocol) is the new standard for connecting AI assistants to tools. Claude, Cursor, VS Code Copilot, and Windsurf all use it. Millions of developers now have MCP server configs sitting on their machines.

Those configs are a mess from a security standpoint.

What goes wrong

Here's what I found looking at real MCP configs:

Leaked secrets. People hardcode GitHub tokens, OpenAI keys, and database credentials directly in the env block. The config file sits in a predictable path with no protection.

Typosquatted packages. The MCP ecosystem is new and the package names are long. @modelcontextprotocol/server-filesystem vs @modeicontextprotocol/server-filesystem: a one-character difference that is easy to miss and potentially malicious.

Overly broad permissions. Filesystem servers configured with / as the allowed path instead of ~/projects. One prompt injection later and an AI assistant has read access to your entire machine.

Insecure transport. SSE-based MCP servers running over HTTP instead of HTTPS, so any credentials sent to them travel in plaintext.

What I built

mcp-scan is a CLI that scans your MCP server configs and flags these issues. It checks:

  • API keys, tokens, and other secrets in env vars and args
  • Package names against a typosquatting detection algorithm
  • Filesystem permissions for overly broad access
  • JSON config for missing env vars, malformed structure, injection patterns in args
  • Transport security for SSE servers

Supports Claude Desktop, Cursor, VS Code Copilot, Claude Code, and Windsurf out of the box.
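To make the four problems above and the corresponding checks concrete, here is a small Node.js scanner written for this post as an illustration. It is not mcp-scan's own code. The config it scans is constructed inline (the token value, server names and the misspelled package are made up), the allow-list of known packages is a two-entry stand-in for what a real tool would ship, the secret patterns cover only a few well-known prefixes, the severity labels and rule names are chosen to mirror the example output below, and the exemption for loopback hosts in the transport check is a design choice of this example.

```javascript
// Added example, not mcp-scan's own code: a minimal scanner over the mcpServers
// block of an MCP config, implementing the four checks described in the post.
const SAMPLE_CONFIG = {
  mcpServers: {
    "github-leaky": {
      command: "npx",
      args: ["-y", "@modelcontextprotocol/server-github"],
      // Constructed value in the classic GitHub PAT format, not a real credential.
      env: { GITHUB_TOKEN: "ghp_" + "A".repeat(36) },
    },
    "fs-wide": {
      command: "npx",
      // Typosquatted package ("modei" vs "model") and "/" as the allowed root.
      args: ["-y", "@modeicontextprotocol/server-filesystem", "/"],
    },
    "analytics-sse": { url: "http://example.invalid/sse" },
    "fs-ok": {
      command: "npx",
      args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/me/projects"],
      env: { API_KEY: "${API_KEY}" }, // resolved from the host environment, not a literal secret
    },
  },
};

// Assumption: a real tool would ship a much larger allow-list of package names.
const KNOWN_PACKAGES = [
  "@modelcontextprotocol/server-filesystem",
  "@modelcontextprotocol/server-github",
];

// Credential formats with a recognisable prefix.
const SECRET_PATTERNS = [
  { label: "GitHub token", re: /\bgh[pousr]_[A-Za-z0-9]{20,}\b/ },
  { label: "OpenAI key", re: /\bsk-[A-Za-z0-9_-]{20,}\b/ },
  { label: "AWS access key id", re: /\bAKIA[0-9A-Z]{16}\b/ },
];
const PLACEHOLDER = /^\$\{?[A-Z_][A-Z0-9_]*\}?$/; // "${VAR}" or "$VAR" is a reference, not a leak
const PACKAGE_NAME = /^(@[a-z0-9][\w.-]*\/)?[a-z0-9][\w.-]*$/; // npm-style names, scoped or not
const BROAD_PATH = /^(\/|~|~\/|\/(home|Users)\/[^/]+\/?)$/; // whole disk or a whole home dir
const LOOPBACK = /^https?:\/\/(localhost|127\.0\.0\.1|\[::1\])([:/]|$)/;

// Standard edit distance; 1-2 edits from a known name is the typosquat signal.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return prev[b.length];
}

function scanConfig(config) {
  const findings = [];
  const report = (server, severity, rule, message) => findings.push({ server, severity, rule, message });

  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    const args = server.args || [];

    // 1. Literal secrets in env values or args (placeholders are skipped).
    const literals = [
      ...Object.entries(server.env || {}).map(([k, v]) => [`env var '${k}'`, v]),
      ...args.map((v, i) => [`arg ${i}`, v]),
    ];
    for (const [where, value] of literals) {
      if (typeof value !== "string" || PLACEHOLDER.test(value)) continue;
      for (const { label, re } of SECRET_PATTERNS) {
        if (re.test(value)) report(name, "CRITICAL", "exposed-secret", `${label} in ${where}`);
      }
    }

    // 2. Package names close to, but not equal to, a known package.
    for (const arg of args.filter((a) => PACKAGE_NAME.test(a) && !KNOWN_PACKAGES.includes(a))) {
      const nearest = KNOWN_PACKAGES.map((k) => [levenshtein(arg, k), k]).sort((x, y) => x[0] - y[0])[0];
      if (nearest && nearest[0] >= 1 && nearest[0] <= 2) {
        report(name, "HIGH", "typosquat-detection", `'${arg}' is ${nearest[0]} edit(s) from '${nearest[1]}'`);
      }
    }

    // 3. Filesystem servers whose allowed root is the whole disk or a home directory.
    if (args.some((a) => a.includes("server-filesystem"))) {
      for (const p of args.filter((a) => BROAD_PATH.test(a))) {
        report(name, "HIGH", "broad-filesystem-access", `allowed path '${p}' exposes far more than a project directory`);
      }
    }

    // 4. Remote (SSE) servers reached over plaintext HTTP; loopback is exempted here by choice.
    if (typeof server.url === "string" && server.url.startsWith("http://") && !LOOPBACK.test(server.url)) {
      report(name, "MEDIUM", "insecure-transport", `'${server.url}' would send credentials over plaintext HTTP`);
    }
  }
  return findings;
}

// CI semantics from the post: non-zero exit when anything CRITICAL or HIGH is present.
function exitCode(findings) {
  return findings.some((f) => f.severity === "CRITICAL" || f.severity === "HIGH") ? 1 : 0;
}

const results = scanConfig(SAMPLE_CONFIG);
for (const f of results) console.log(`${f.severity.padEnd(8)} | ${f.rule} | ${f.server}: ${f.message}`);
console.log(`exit code ${exitCode(results)}`);
```

On the sample config this reports the leaked token as CRITICAL, the misspelled filesystem package and its "/" root as HIGH, the plaintext SSE endpoint as MEDIUM, and nothing for the server that reads its key from "${API_KEY}" and is scoped to a project directory; the exit code is therefore 1. The placeholder check matters in practice: a config that references environment variables is the fix for leaked secrets, and a scanner that flags "${GITHUB_TOKEN}" as a secret would push people back toward hardcoding.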

Usage

npx mcp-scan

That's it. No install required for a one-off scan.

Example output when it finds issues:

Cursor - shady-analytics
Config: /Users/rodolf/.cursor/mcp.json
HIGH  | typosquat-detection | Package 'mcp-analytics-proo' looks suspiciously like official package

VS Code - github-leaky
Config: /Users/rodolf/.vscode/mcp.json
CRITICAL | exposed-secret | Exposed GitHub Token in environment variable 'GITHUB_TOKEN'

CRITICAL: 2 servers scanned in 12ms. Critical: 1, High: 1, Medium: 0.

CI/CD integration

You can run it in GitHub Actions to catch issues before they ship:

- run: npx mcp-scan ci

The ci subcommand returns exit code 1 if critical- or high-severity issues are found, so the workflow step fails.

Links

v1.0.1, just shipped. Feedback welcome - open an issue if you find a config pattern it misses.
